vault-frontmatter
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a utility for managing local Markdown files. It provides clear, task-specific instructions for metadata maintenance without any suspicious or malicious operations.
- [COMMAND_EXECUTION]: The skill utilizes allowed platform tools (
Grep,Read,Edit,Write) to perform string replacements within files. There is no evidence of arbitrary shell command execution or the use of unsanitized user input in a command context. - [DATA_EXFILTRATION]: All operations are local to the file system. The skill does not initiate network requests or attempt to move data to external locations.
- [PROMPT_INJECTION]: The instructions do not attempt to override agent safety protocols, extract system prompts, or bypass constraints. The language is professional and focused on the stated utility.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or sensitive credentials were found. The skill operates on notes and specifically avoids sensitive directories such as
.git/or.ssh/. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill reads user-supplied Markdown files using
GrepandReadtools. - Boundary markers: The instructions focus on structured YAML frontmatter sections, which naturally provides some isolation from the rest of the note content.
- Capability inventory: The skill has the ability to write to and edit local files using
WriteandEdittools. - Sanitization: The skill uses specific regex-like patterns (e.g.,
^id:) to identify content for modification, reducing the risk of misinterpreting malicious instructions embedded in the notes.
Audit Metadata